6 matches found
SUSE CVE-2023-53761
In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fix direction for 0-length ioctl control messages The syzbot fuzzer found a problem in the usbtmc driver: When a user submits an ioctl for a 0-length control transfer, the driver does not check that the direction is...
PT-2025-43132
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 Description The Linux kernel contained a potential deadlock issue within the netlink set err function. The syzbot fuzzer identified a possible lock inversion dependency,...
SUSE CVE-2023-53548
In the Linux kernel, the following vulnerability has been resolved: net: usbnet: Fix WARNING in usbnetstartxmit/usbsubmiturb The syzbot fuzzer identified a problem in the usbnet driver: usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504...
CVE-2022-49985 bpf: Don't use tnum_range on array range checking for poke descriptors
In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in...
Exploiting the Linux kernel via packet sockets
Guest blog post, posted by Andrey Konovalov Introduction Lately I’ve been spending some time fuzzing network-related Linux kernel interfaces with syzkaller. Besides the recently discovered vulnerability in DCCP sockets, I also found another one, this time in packet sockets. This post describes ho...
CVE-2016-2549
sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...